Advanced ACL setup

In this section we will look at scenarios that require a more complex ACL setup. We will still use component-wide permissions, but we will also use agency-wide permissions to fine-tune the set of actions that each user can perform.

Agency permissions inside Domus Organizer

Inside every agency, you will find a section like this one:

Figure 4.24. Agency permissions inside Domus Organizer


As you can see, the permissions are pretty much the same as the component-wide ones. The Component administrator permission is missing (of course), but we have a new one:

Manage agency (agency.manage)

Allows the user to edit agency info and permissions

Multiple agencies: agents can only view other agencies' records

This is a very common scenario: let's say you have two or more agencies on your site, and you want Agency A agents to be able to edit the properties and customers of Agency A only. They can't edit or add any record in Agency B; they can only see them.

You can easily do that in Domus Organizer: you simply have to set up a different ACL.

First of all, we will create a group for every agency, plus two more groups for agency owners:

Example 4.11. ACL Scenario #4: Groups settings


Inside Domus Organizer component options, in the permissions tab, we will leave all the permissions to Inherit, except for the Administrative access one; this means that no one will have component-wide permissions.

Now let's go inside the first agency profile (Acme agency in these examples) and set the permissions in this way:

Example 4.12. ACL Scenario #4: First agency employees permissions


Next we have to set up permissions for the agency owners:

Example 4.13. ACL Scenario #4: First agency owners permissions


Then we have to do the same steps for the second agency (RE agency in these examples):

Example 4.14. ACL Scenario #4: Second agency employees permissions


Example 4.15. ACL Scenario #4: Second agency owners permissions


Perfect, now you're ready to go! If you log in as a user who belongs to the first agency, this is what he will see:

Figure 4.25. ACL Scenario #4: Property list for an agent of the first agency

As you can see, there is no checkbox for the first property, since it belongs to the second agency. If we open the details of that property, we will see that he can't edit it:

Figure 4.26. ACL Scenario #4: Properties of other agencies are not editable


However, he can edit properties that belong to his own agency:

Figure 4.27. ACL Scenario #4: Properties of the same agency are fully editable


Note

Of course, the same logic applies to customers; we didn't create any screenshots for them just to save some space.

Summary

At the end of this example, we have what we were looking for: two different agencies, where employees can only edit the records that belong to their own agency and can only read those of other agencies.

This is a very common setup. However, what if we want to completely hide customers or properties from agents of other agencies? We will discuss this scenario in the next section.
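The isolation this scenario aims for can be checked with a small model of Joomla-style permission resolution (an explicit Denied wins, otherwise an Allowed at the component or agency level grants, and nothing set means denied). This is an added example, not code from Domus Organizer: the group names, the core.* action names, the owners' agency.manage grant and the flat group structure are assumptions made for illustration.

```python
# Added example: simplified model of Joomla-style ACL resolution.
# Group names, action names and rule values are constructed assumptions.
ALLOW, DENY, INHERIT = "allow", "deny", "inherit"
WRITE_ACTIONS = ("core.create", "core.edit", "core.delete")

# Home agency of each group (hypothetical names, flat groups, no nesting).
HOME = {
    "Acme employees": "Acme agency", "Acme owners": "Acme agency",
    "RE employees": "RE agency", "RE owners": "RE agency",
}

def scenario_rules():
    """Agency-level rules: each group gets write access in its home agency only."""
    rules = {}
    for group, agency in HOME.items():
        grants = {action: ALLOW for action in WRITE_ACTIONS}
        if group.endswith("owners"):
            grants["agency.manage"] = ALLOW  # owners may also manage the agency
        rules.setdefault(agency, {})[group] = grants
    return rules

def effective(group, action, agency, component_rules, agency_rules):
    """Resolve along component -> agency: deny wins, then allow, else denied."""
    settings = (
        component_rules.get(group, {}).get(action, INHERIT),
        agency_rules.get(agency, {}).get(group, {}).get(action, INHERIT),
    )
    return DENY not in settings and ALLOW in settings

def cross_agency_writes(component_rules, agency_rules):
    """Return every write grant a group holds outside its home agency."""
    return [
        (group, agency, action)
        for group, home in HOME.items()
        for agency in sorted(set(HOME.values()))
        for action in WRITE_ACTIONS
        if agency != home
        and effective(group, action, agency, component_rules, agency_rules)
    ]

if __name__ == "__main__":
    rules = scenario_rules()
    # Component-wide permissions all left to Inherit, as in this scenario.
    print("scenario leaks:", cross_agency_writes({}, rules))
    # Misconfiguration: a component-wide Allow reaches every agency.
    leaky = {"Acme employees": {"core.edit": ALLOW}}
    print("leaky leaks:", cross_agency_writes(leaky, rules))
```

The second call shows why the component-wide permissions are left to Inherit: a single component-level Allowed for an agency group gives that group the same right in every other agency.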